Keycloak/OIDC : retrieve user groups attributes

前端 未结 2 1404
花落未央
花落未央 2021-02-08 22:21

I\'ve extracted a user\'s groups information from the OIDC endpoint of Keycloak, but they don\'t come with the group ATTRIBUTES I defined (see Attributes tab into the group form

2条回答
  •  星月不相逢
    2021-02-08 22:55

    I was able to achieve this by adding groups/roles info in token other claims property:

    For this in keycloak config, go to your client -> mappers & add a group/role mapper. E.g.

    Now this info will start coming in your access token:

    To access these group attribute in Java you can extract it from otherclaims property of accesstoken. E.g.:

    KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext)(request.getAttribute(KeycloakSecurityContext.class.getName()));         
    AccesToken token = keycloakSecurityContext.getToken();
    

    In below image you can see that otherclaims property of token is filled with groups attribute that we created on keycloak. Note that if we had named "token claim property" as groupXYZ, the otherclaims would be showing: groupsXYZ=[Administrator]

提交回复
热议问题